/[EMAIL PROTECTED](nl|ie|de|fr|pl|co\.za|co\.nz|dk|ch|ru|fi|mx|il|tw|ca|cz|lu|lt|ar).?$/i
^^ ^^ ^^^
> The third marked part feels incorrect as well. Do you really
> want chars there? This can result in FP with (sub)-domains
> ending with the given TLDs, like "foo.de.edu".
RE: the third part. I see from fields ending in " and ) so I wanted a complete wildcard here (though now im thinking [^\w] may have worked well too?). After re-reading the ? option, I realize why I did this because ? means zero or one time. So .?$ matches zero or 1 character at the end of the line after the _expression_. So it shouldn't FP on foo.de.edu. Right?
>
> >From =~ /[EMAIL PROTECTED](nl|ie|de|...|ar)>?$/
>
> The above RE will only trigger on TLDs that are at the end of
> the From: header (no real name) or ending with the optional
> ">" (with real name).
When I read this RE, it says match @.(nl|ie|de|...|ar) at the end of the line. So it wouldn't match @foo.com.de. Am I missing something?
> > I apologize if anyone from the list is from any of these countries,
> > please don't take it personally.. ;)
>
> Although this is not SPAM, I get added half a point. Spammy me... ;-)
Spamassassin scored you 2.5 points for saying "this is not SPAM." :)
Thanks for the help! I've learned more about regex in the past 20 mins then I have reading regex guides for 2 days.
